Dear iXsystems Customers:
On May 14th, 2019, Intel released the security advisory below regarding a new CPU microarchitecture vulnerability that affects CPUs with Hyper-Threading technology prior to 8th Generation Intel® Core™ processors and 2nd Generation Intel® Xeon® processor Scalable family. This vulnerability was found in a lab environment, and there are no known exploits at this time. Intel has addressed this issue with hardware architectural changes in its newest CPUs.
To minimize exposure to this issue, standard security principles and practices that prevent access to your systems are, as always, your best line of defense. However, fully minimizing exposure requires a firmware and OS update, or disabling Hyper-Threading in the BIOS of your systems. To receive firmware updates or instructions on disabling Hyper-Threading for your iXsystems servers, please open a support ticket in our Customer Portal, and our Support Team will guide you through the process.
iXsystems Security Team
Advisory from Intel:
Intel would like to address a new group of vulnerabilities called Microarchitectural Data Sampling (MDS). These were first found by Intel and then independently reported to Intel by security researchers. The MDS vulnerabilities include techniques which exploit speculative operations accessing data in microarchitectural structures within the CPU to expose bits of information through a side channel. Please note, these structures are small and frequently overwritten. However, with a large enough data sample, time, or control of the target system’s behavior, MDS may provide an attacker with access to data that they should not be able to see. It is also important to note that Intel is not aware of any real world exploits of these vulnerabilities.
Intel has addressed MDS in hardware starting with select 8th and 9th Generation Intel® Core™ processors and the 2nd Generation Intel® Xeon® processor Scalable family.
To address MDS in other products, Intel released microcode updates on May 14th, 2019 that are being delivered through firmware updates from system manufacturers. The microcode updates are coupled with corresponding updates to operating systems and hypervisor software. Together, these changes will help keep systems protected. However, these changes may not fully protect systems that use Simultaneous Multi-Threading (SMT). Customers that use these systems should consider how they utilize SMT, guidance from operating systems and virtual machine vendors and their own environment. Because these factors vary considerably, Intel is not recommending that Intel® Hyper-Threading Technology (Intel® HT Technology) be disabled, and it’s important to understand that disabling Intel HT Technology does not alone provide protection against MDS.
You can find more information and other resources regarding MDS at www.intel.com/securityfirst.